Curtain

This past Monday the amount of spam hitting our Zimbra mail server (5.0.5) spiked to twice the usual amount, causing our sever to fall 15 minutes behind in delivery.  While we were doing pretty well with spam blocking through Pyzor and other , the techniques were rather CPU intensive.

There are a number of options available in Zimbra to block mail even before running content checks through.  In the Zimbra administration console, go to "Global Settings" and the MTA tab.  At the bottom are "DNS checks".  The three available check boxes represent automatic black-hole lists based upon how the remote mail server connects to you.  It is amazing how many spam sources do not provide host names or domains in greetings.  Turning on these options cut out at least 50% of the incoming spam before being processed by our content checks.

Under the automatic DNS checks there is a "List of RBLs:" edit box.  By clicking plus and entering a known and make sure to comply to their usage guidelines).  Zen is a combination of three spamhaus.org lists, and offers an amazing combination of automated and policy-based black-hole list protection.

To add Zen to your black hole list, click on the "+" and add "zen.spamhaus.org" to the list of RBLs and then click "Save".  You will then need to tell Zimbra to access Zen by adding the following line to your  vi /opt/zimbra/conf/postfix_recipient_restrictions.cf (as root):

  %%contains VAR:zimbraMtaRestriction reject_rbl_client zen.spamhaus.org%%

Then restart your mail processing (as zimbra):

  zmamavisdctl restart

By looking at the Zimbra admin server statistics and using , you can then monitor the progress of the black-hole list protection.  Within three hours of adding zen.spamhaus.org, it intercepted over 3500 messages, and our system load is back down to 0.2.  Absolutely wonderful!

Leave a Reply